EvilAbigail – Automated Evil Maid Attack For Linux

EvilAbigail is a Python-based tool that allows you to run an automated Evil Maid attack on Linux systems; this is the initrd encrypted root fs attack. An Evil Maid attack is a type of attack that targets a computer device that has been shut down and left unattended. An Evil Maid attack is characterized by the […]

Read the full post at darknet.org.uk

All You Need To Know About Cross-Site Request Forgery (CSRF)

Cross-Site Request Forgery is a term you’ve probably heard in the context of web security or web hacking, but do you really know what it means? The OWASP definition is as follows: Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re […]

Another Week Another Mass Domain Hijacking

Following shortly after the .io domain cock-up that left thousands vulnerable to domain hijacking, this week more than 750 domains were jacked via registrar Gandi. Seems like some pretty sloppy administration going on, but that’s how business goes; sadly, security is still very much a reactive trade. People don’t enable strict controls and audit…

DJI Firmware Hacking Removes Drone Flight Restrictions

Drones have been taking over the world; everyone with a passing interest in making videos has one, and DJI firmware hacking gives you the ability to remove all restrictions (no-fly zones, height and distance), which under most jurisdictions is illegal (mostly EU and FAA for the US). It’s an interesting subject, and also a controversial…

GnuPG Crypto Library libgcrypt Cracked Via Side-Channel

Some clever boffins including Internet software pioneer djb have gotten libgcrypt cracked via a Side-Channel attack which has to do with the direction of a sliding window carried out in the library. Patches have already been released so update your Lin…

NotPetya Ransomware Wreaking Havoc

The latest splash has been made by the Petya or NotPetya Ransomware that exploded in Ukraine and is infecting companies all over the world. It’s getting some people in deep trouble as there’s no way to recover the files once encrypted. The malware seems to be trying to hide its intent as it doesn’t really […]

Winpayloads – Undetectable Windows Payload Generation

Winpayloads is a tool to provide undetectable Windows payload generation with some extras running on Python 2.7. It provides persistence, privilege escalation, shellcode invocation and much more. Features: UACBypass – PowerShellEmpire; PowerUp – PowerShellEmpire; Invoke-Shellcode; Invoke-Mimikatz; Invoke-EventVwrBypass; Persistence – Adds payload…

TheFatRat – Massive Exploitation Tool

TheFatRat is an easy-to-use Exploitation Tool that can help you to generate backdoors and post exploitation attacks like browser attack DLL files. This tool compiles malware with popular payloads and then the compiled malware can be executed on Windows, Linux, Mac OS X and Android. The malware that is created with this tool also has […]

South Korean Webhost Nayana Pays USD1 Million Ransom

So far this Nayana payout is the biggest ransomware payment I’ve seen reported; there have probably been some bigger ones paid but kept undercover. Certainly a good deal for the bad actors in this play, and, well, using an outdated kernel along with PHP and Apache versions from 2006, you can’t feel too sorry for Nayana. […]

pyrasite – Inject Code Into Running Python Processes

pyrasite is a Python-based toolkit to inject code into running Python processes. pyrasite works with Python 2.4 and newer. Injection works between versions as well, so you can run Pyrasite under Python 3 and inject into 2, and vice versa.